- Dec 17, 2017
-
-
Pauli authored
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4950)
-
Dr. Matthias St. Pierre authored
Previously, the RAND_DRBG_uninstantiate() call was not exactly inverse to RAND_DRBG_instantiate(), because some important member values of the drbg->ctr member where cleared. Now these values are restored internally. Signed-off-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/4402)
-
Dr. Matthias St. Pierre authored
Signed-off-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/4402)
-
Dr. Matthias St. Pierre authored
Every DRBG now supports automatic reseeding not only after a given number of generate requests, but also after a specified time interval. Signed-off-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/4402)
-
Dr. Matthias St. Pierre authored
A third shared DRBG is added, the so called master DRBG. Its sole purpose is to reseed the two other shared DRBGs, the public and the private DRBG. The randomness for the master DRBG is either pulled from the os entropy sources, or added by the application using the RAND_add() call. The master DRBG reseeds itself automatically after a given number of generate requests, but can also be reseeded using RAND_seed() or RAND_add(). A reseeding of the master DRBG is automatically propagated to the public and private DRBG. This construction fixes the problem, that up to now the randomness provided by RAND_add() was added only to the public and not to the private DRBG. Signed-off-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/4402)
-
Paul Yang authored
Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org> GH: #4934
-
Daniel Bevenius authored
This commit adds comments to bio_method_st definitions where the function pointers are defined as NULL. Most of the structs have comments but some where missing and not all consitent. CLA: trivial Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4881)
-
- Dec 15, 2017
-
-
Bernd Edlinger authored
Rename bio_info_cb to BIO_info_cb. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4493)
-
Bernd Edlinger authored
Ignore libssl.map/libcrypto.map instead of ssl.map/crypto.map Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4932)
-
- Dec 14, 2017
-
-
Todd Short authored
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4931)
-
Matt Caswell authored
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4701)
-
Matt Caswell authored
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4701)
-
Matt Caswell authored
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4701)
-
Matt Caswell authored
This fixes a bug where some CCS records were written with the wrong TLS record version. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4701)
-
Matt Caswell authored
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4701)
-
Matt Caswell authored
Flush following the CCS after an HRR. Only flush the HRR if middlebox compat is turned off. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4701)
-
Matt Caswell authored
Normally we flush immediately after writing the ClientHello. However if we are going to write a CCS immediately because we've got early_data to come, then we should move the flush until after the CCS. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4701)
-
Matt Caswell authored
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4701)
-
Matt Caswell authored
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4701)
-
Matt Caswell authored
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4701)
-
Matt Caswell authored
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4701)
-
Matt Caswell authored
The CCS may be sent at different times based on whether or not we sent an HRR earlier. In order to make that decision this commit also updates things to make sure we remember whether an HRR was used or not. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4701)
-
Matt Caswell authored
Ensure that after an HRR we can only negotiate TLSv1.3 Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4701)
-
Matt Caswell authored
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4701)
-
Matt Caswell authored
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4701)
-
Matt Caswell authored
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4701)
-
Matt Caswell authored
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4701)
-
Matt Caswell authored
Since we no longer do version negotiation during the processing of an HRR we do not need the TLSv1.3 specific write transition for ClientHello Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4701)
-
Matt Caswell authored
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4701)
-
Matt Caswell authored
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4701)
-
Matt Caswell authored
Clients will send a "fake" session id and servers must echo it back. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4701)
-
Matt Caswell authored
The new ServerHello format is essentially now the same as the old TLSv1.2 one, but it must additionally include supported_versions. The version field is fixed at TLSv1.2, and the version negotiation happens solely via supported_versions. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4701)
-
Matt Caswell authored
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4701)
-
- Dec 13, 2017
-
-
Bernd Edlinger authored
Reduce RSA_MAX_PRIME_NUM to 5. Remove no longer used RSA_MIN_PRIME_SIZE. Make rsa_multip_cap honor RSA_MAX_PRIME_NUM. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4905)
-
Richard Levitte authored
Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4921)
-
Viktor Dukhovni authored
Also improved documentation of TRUSTED_FIRST Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
-
- Dec 12, 2017
-
-
Ben Kaduk authored
Fix a typo for "retrieve" and some indentation. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/4919)
-
Daniel Bevenius authored
Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4917)
-
Patrick Steuer authored
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4916)
-
Richard Levitte authored
If OPENSSL_init_crypto() hasn't been called yet when ERR_get_state() is called, it need to be called early, so the base initialization is done. On some platforms (those who support DSO functionality and don't define OPENSSL_USE_NODELETE), that includes a call of ERR_set_mark(), which calls this function again. Furthermore, we know that ossl_init_thread_start(), which is called later in ERR_get_state(), calls OPENSSL_init_crypto(0, NULL), except that's too late. Here's what happens without an early call of OPENSSL_init_crypto(): => ERR_get_state(): => CRYPTO_THREAD_get_local(): <= NULL; # no state is found, so it gets allocated. => ossl_init_thread_start(): => OPENSSL_init_crypto(): # Here, base_inited is set to 1 # before ERR_set_mark() call => ERR_set_mark(): => ERR_get_state(): => CRYPTO_THREAD_get_local(): <= NULL; # no state is found, so it gets allocated!!!!! => ossl_init_thread_start(): => OPENSSL_init_crypto(): # base_inited is 1, # so no more init to be done <= 1 <= => CRYPTO_thread_set_local(): <= <= <= <= 1 <= => CRYPTO_thread_set_local() # previous value removed! <= Result: double allocation, and we have a leak. By calling the base OPENSSL_init_crypto() early, we get this instead: => ERR_get_state(): => OPENSSL_init_crypto(): # Here, base_inited is set to 1 # before ERR_set_mark() call => ERR_set_mark(): => ERR_get_state(): => OPENSSL_init_crypto(): # base_inited is 1, # so no more init to be done <= 1 => CRYPTO_THREAD_get_local(): <= NULL; # no state is found, so it gets allocated # let's assume we got 0xDEADBEEF => ossl_init_thread_start(): => OPENSSL_init_crypto(): # base_inited is 1, # so no more init to be done <= 1 <= 1 => CRYPTO_thread_set_local(): <= <= <= <= 1 => CRYPTO_THREAD_get_local(): <= 0xDEADBEEF <= 0xDEADBEEF Result: no leak. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4913)
-